diff --git a/containerd.spec b/containerd.spec index 86eb9fec9ee307c9e26a996d3727cedd988bc9ee..856c33ebae8844c793153e6409ee5e2ba69c2a63 100644 --- a/containerd.spec +++ b/containerd.spec @@ -68,11 +68,11 @@ install -D -p -m 0644 %{S:7} %{buildroot}%{_sysconfdir}/containerd/config.toml %exclude %{_bindir}/containerd-stress %changelog -* Thu Mar 21 2024 tiberium - 1.6.22-11 +* Wed Apr 03 2024 zhongjiawei - 1.6.22-11 - Type:bugfix - ID:NA - SUG:NA -- DESC:fix clang compile issue due to ldflags format error +- DESC:modify Makefile for go build options * Fri Mar 22 2024 zhongjiawei - 1.6.22-10 - Type:bugfix diff --git a/git-commit b/git-commit index 23e55888262a7f57dba29a527285cedd7686268d..4874ccd5ff3ef450f3a9db8969f974f040eca29d 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -4d153fc0e0ed7a2cf8b54c7de8632cbe7a4281ec +f4a871dc0e393d74c7a8472afe234fa67b854e2e diff --git a/patch/0035-containerd-modify-Makefile-for-go-build-options.patch b/patch/0035-containerd-modify-Makefile-for-go-build-options.patch new file mode 100644 index 0000000000000000000000000000000000000000..e91d05a10465b9d86ac3feab63e9c5db7ba009be --- /dev/null +++ b/patch/0035-containerd-modify-Makefile-for-go-build-options.patch @@ -0,0 +1,58 @@ +From 6986f40b9cb83e0daee2b430382fa686a07f1937 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Wed, 3 Apr 2024 10:34:31 +0800 +Subject: [PATCH] containerd: modify Makefile for go build options + +--- + Makefile | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/Makefile b/Makefile +index e1e8d7c..b9a2328 100644 +--- a/Makefile ++++ b/Makefile +@@ -97,7 +97,7 @@ GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(strip $(GO_BUILDTAGS))",) + BEP_DIR=/tmp/containerd-build-bep + BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep + +-GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' ++GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION)' + SHIM_GO_LDFLAGS=-ldflags '-extldflags=-static' -ldflags '-buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -linkmode=external -extldflags=-Wl,-z,relro,-z,now' + + # Project packages. +@@ -246,7 +246,7 @@ bin/%: cmd/% FORCE + CGO_CPPFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ + CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ + CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ +- go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< ++ go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./$< + + bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) $@" +@@ -259,11 +259,21 @@ bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a sta + + bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) $@" +- @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1 ++ CGO_ENABLED=1 \ ++ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ ++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ ++ $(GO) build -buildmode=pie ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1 + + bin/containerd-shim-runc-v2: cmd/containerd-shim-runc-v2 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) $@" +- @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2 ++ CGO_ENABLED=1 \ ++ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ ++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ ++ $(GO) build -buildmode=pie ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2 + + binaries: $(BINARIES) ## build binaries + @echo "$(WHALE) $@" +-- +2.33.0 + diff --git a/series.conf b/series.conf index ed2304883d2976d301ae4239fdbf8d1c0af0674e..5aab0b1c74682cbe0caf5728ce813597b4262e1f 100644 --- a/series.conf +++ b/series.conf @@ -31,3 +31,4 @@ patch/0031-containerd-fix-some-containerd-bug.patch patch/0032-containerd-vendor-golang.org-x-net-v0.17.0.patch patch/0033-containerd-Fix-missing-closed-fifo.patch patch/0034-containerd-disable-Transparent-HugePage-for-shim-pro.patch +patch/0035-containerd-modify-Makefile-for-go-build-options.patch